mirror of
https://github.com/mtan93/install-nextcloud.git
synced 2026-03-08 05:31:52 +00:00
rieger::CLOUD
@@ -1,385 +1,385 @@
|
|||||||
# Carsten Rieger IT-Services
|
# Carsten Rieger IT-Services
|
||||||
# INSTALL-NEXTCLOUD.SH
|
# INSTALL-NEXTCLOUD.SH
|
||||||
# Version 1.1
|
# Version 1.1
|
||||||
# added funtions to make code cleaner, thx @techandme.se
|
# added funtions to make code cleaner, thx @techandme.se
|
||||||
# April 19th, 2018
|
# April 19th, 2018
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
function update_and_clean() {
|
function update_and_clean() {
|
||||||
apt update
|
apt update
|
||||||
apt upgrade -y
|
apt upgrade -y
|
||||||
apt autoclean -y
|
apt autoclean -y
|
||||||
apt autoremove -y
|
apt autoremove -y
|
||||||
}
|
}
|
||||||
function restart_all_services() {
|
function restart_all_services() {
|
||||||
/usr/sbin/service nginx restart
|
/usr/sbin/service nginx restart
|
||||||
/usr/sbin/service mysql restart
|
/usr/sbin/service mysql restart
|
||||||
/usr/sbin/service redis-server restart
|
/usr/sbin/service redis-server restart
|
||||||
/usr/sbin/service php7.2-fpm restart
|
/usr/sbin/service php7.2-fpm restart
|
||||||
}
|
}
|
||||||
cd /usr/local/src
|
cd /usr/local/src
|
||||||
update_and_clean
|
update_and_clean
|
||||||
apt install software-properties-common python-software-properties zip unzip screen curl ffmpeg libfile-fcntllock-perl -y
|
apt install software-properties-common python-software-properties zip unzip screen curl ffmpeg libfile-fcntllock-perl -y
|
||||||
apt remove nginx nginx-common nginx-full -y --allow-change-held-packages
|
apt remove nginx nginx-common nginx-full -y --allow-change-held-packages
|
||||||
sed -i '$adeb http://nginx.org/packages/ubuntu/ xenial nginx' /etc/apt/sources.list
|
sed -i '$adeb http://nginx.org/packages/ubuntu/ xenial nginx' /etc/apt/sources.list
|
||||||
sed -i '$adeb-src http://nginx.org/packages/ubuntu/ xenial nginx' /etc/apt/sources.list
|
sed -i '$adeb-src http://nginx.org/packages/ubuntu/ xenial nginx' /etc/apt/sources.list
|
||||||
wget http://nginx.org/keys/nginx_signing.key && apt-key add nginx_signing.key
|
wget http://nginx.org/keys/nginx_signing.key && apt-key add nginx_signing.key
|
||||||
update_and_clean
|
update_and_clean
|
||||||
apt install nginx -y
|
apt install nginx -y
|
||||||
systemctl enable nginx.service
|
systemctl enable nginx.service
|
||||||
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak && touch /etc/nginx/nginx.conf
|
mv /etc/nginx/nginx.conf /etc/nginx/nginx.conf.bak && touch /etc/nginx/nginx.conf
|
||||||
cat <<EOF >/etc/nginx/nginx.conf
|
cat <<EOF >/etc/nginx/nginx.conf
|
||||||
user www-data;
|
user www-data;
|
||||||
worker_processes auto;
|
worker_processes auto;
|
||||||
error_log /var/log/nginx/error.log warn;
|
error_log /var/log/nginx/error.log warn;
|
||||||
pid /var/run/nginx.pid;
|
pid /var/run/nginx.pid;
|
||||||
events {
|
events {
|
||||||
worker_connections 1024;
|
worker_connections 1024;
|
||||||
multi_accept on;
|
multi_accept on;
|
||||||
use epoll;
|
use epoll;
|
||||||
}
|
}
|
||||||
http {
|
http {
|
||||||
server_names_hash_bucket_size 64;
|
server_names_hash_bucket_size 64;
|
||||||
upstream php-handler {
|
upstream php-handler {
|
||||||
server unix:/run/php/php7.2-fpm.sock;
|
server unix:/run/php/php7.2-fpm.sock;
|
||||||
}
|
}
|
||||||
include /etc/nginx/mime.types;
|
include /etc/nginx/mime.types;
|
||||||
#include /etc/nginx/proxy.conf;
|
#include /etc/nginx/proxy.conf;
|
||||||
#include /etc/nginx/ssl.conf;
|
#include /etc/nginx/ssl.conf;
|
||||||
#include /etc/nginx/header.conf;
|
#include /etc/nginx/header.conf;
|
||||||
#include /etc/nginx/optimization.conf;
|
#include /etc/nginx/optimization.conf;
|
||||||
default_type application/octet-stream;
|
default_type application/octet-stream;
|
||||||
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" "\$http_x_forwarded_for" "\$host" sn="\$server_name" rt=\$request_time ua="\$upstream_addr" us="\$upstream_status" ut="\$upstream_response_time" ul="\$upstream_response_length" cs=\$upstream_cache_status' ;
|
log_format main '\$remote_addr - \$remote_user [\$time_local] "\$request" \$status \$body_bytes_sent "\$http_referer" "\$http_user_agent" "\$http_x_forwarded_for" "\$host" sn="\$server_name" rt=\$request_time ua="\$upstream_addr" us="\$upstream_status" ut="\$upstream_response_time" ul="\$upstream_response_length" cs=\$upstream_cache_status' ;
|
||||||
access_log /var/log/nginx/access.log main;
|
access_log /var/log/nginx/access.log main;
|
||||||
sendfile on;
|
sendfile on;
|
||||||
send_timeout 3600;
|
send_timeout 3600;
|
||||||
tcp_nopush on;
|
tcp_nopush on;
|
||||||
tcp_nodelay on;
|
tcp_nodelay on;
|
||||||
open_file_cache max=500 inactive=10m;
|
open_file_cache max=500 inactive=10m;
|
||||||
open_file_cache_errors on;
|
open_file_cache_errors on;
|
||||||
keepalive_timeout 65;
|
keepalive_timeout 65;
|
||||||
reset_timedout_connection on;
|
reset_timedout_connection on;
|
||||||
server_tokens off;
|
server_tokens off;
|
||||||
resolver 208.67.222.222;
|
resolver 208.67.222.222;
|
||||||
resolver_timeout 10s;
|
resolver_timeout 10s;
|
||||||
include /etc/nginx/conf.d/*.conf;
|
include /etc/nginx/conf.d/*.conf;
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
service nginx restart
|
service nginx restart
|
||||||
mkdir -p /var/nc_data /var/www/letsencrypt /usr/local/tmp/cache /usr/local/tmp/sessions /usr/local/tmp/apc /upload_tmp
|
mkdir -p /var/nc_data /var/www/letsencrypt /usr/local/tmp/cache /usr/local/tmp/sessions /usr/local/tmp/apc /upload_tmp
|
||||||
chown -R www-data:www-data /upload_tmp /var/nc_data /var/www
|
chown -R www-data:www-data /upload_tmp /var/nc_data /var/www
|
||||||
chown -R www-data:root /usr/local/tmp/sessions /usr/local/tmp/cache /usr/local/tmp/apc
|
chown -R www-data:root /usr/local/tmp/sessions /usr/local/tmp/cache /usr/local/tmp/apc
|
||||||
apt install language-pack-en-base -y
|
apt install language-pack-en-base -y
|
||||||
sudo LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/php -y
|
sudo LC_ALL=en_US.UTF-8 add-apt-repository ppa:ondrej/php -y
|
||||||
update_and_clean
|
update_and_clean
|
||||||
apt install php7.2-fpm php7.2-gd php7.2-mysql php7.2-curl php7.2-xml php7.2-zip php7.2-intl php7.2-mbstring php7.2-json php7.2-bz2 php7.2-ldap php-apcu imagemagick php-imagick -y
|
apt install php7.2-fpm php7.2-gd php7.2-mysql php7.2-curl php7.2-xml php7.2-zip php7.2-intl php7.2-mbstring php7.2-json php7.2-bz2 php7.2-ldap php-apcu imagemagick php-imagick -y
|
||||||
cp /etc/php/7.2/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/www.conf.bak
|
cp /etc/php/7.2/fpm/pool.d/www.conf /etc/php/7.2/fpm/pool.d/www.conf.bak
|
||||||
cp /etc/php/7.2/cli/php.ini /etc/php/7.2/cli/php.ini.bak
|
cp /etc/php/7.2/cli/php.ini /etc/php/7.2/cli/php.ini.bak
|
||||||
cp /etc/php/7.2/fpm/php.ini /etc/php/7.2/fpm/php.ini.bak
|
cp /etc/php/7.2/fpm/php.ini /etc/php/7.2/fpm/php.ini.bak
|
||||||
cp /etc/php/7.2/fpm/php-fpm.conf /etc/php/7.2/fpm/php-fpm.conf.bak
|
cp /etc/php/7.2/fpm/php-fpm.conf /etc/php/7.2/fpm/php-fpm.conf.bak
|
||||||
sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" /etc/php/7.2/fpm/pool.d/www.conf
|
sed -i "s/;env\[HOSTNAME\] = /env[HOSTNAME] = /" /etc/php/7.2/fpm/pool.d/www.conf
|
||||||
sed -i "s/;env\[TMP\] = /env[TMP] = /" /etc/php/7.2/fpm/pool.d/www.conf
|
sed -i "s/;env\[TMP\] = /env[TMP] = /" /etc/php/7.2/fpm/pool.d/www.conf
|
||||||
sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" /etc/php/7.2/fpm/pool.d/www.conf
|
sed -i "s/;env\[TMPDIR\] = /env[TMPDIR] = /" /etc/php/7.2/fpm/pool.d/www.conf
|
||||||
sed -i "s/;env\[TEMP\] = /env[TEMP] = /" /etc/php/7.2/fpm/pool.d/www.conf
|
sed -i "s/;env\[TEMP\] = /env[TEMP] = /" /etc/php/7.2/fpm/pool.d/www.conf
|
||||||
sed -i "s/;env\[PATH\] = /env[PATH] = /" /etc/php/7.2/fpm/pool.d/www.conf
|
sed -i "s/;env\[PATH\] = /env[PATH] = /" /etc/php/7.2/fpm/pool.d/www.conf
|
||||||
sed -i "s/pm.max_children = .*/pm.max_children = 240/" /etc/php/7.2/fpm/pool.d/www.conf
|
sed -i "s/pm.max_children = .*/pm.max_children = 240/" /etc/php/7.2/fpm/pool.d/www.conf
|
||||||
sed -i "s/pm.start_servers = .*/pm.start_servers = 20/" /etc/php/7.2/fpm/pool.d/www.conf
|
sed -i "s/pm.start_servers = .*/pm.start_servers = 20/" /etc/php/7.2/fpm/pool.d/www.conf
|
||||||
sed -i "s/pm.min_spare_servers = .*/pm.min_spare_servers = 10/" /etc/php/7.2/fpm/pool.d/www.conf
|
sed -i "s/pm.min_spare_servers = .*/pm.min_spare_servers = 10/" /etc/php/7.2/fpm/pool.d/www.conf
|
||||||
sed -i "s/pm.max_spare_servers = .*/pm.max_spare_servers = 20/" /etc/php/7.2/fpm/pool.d/www.conf
|
sed -i "s/pm.max_spare_servers = .*/pm.max_spare_servers = 20/" /etc/php/7.2/fpm/pool.d/www.conf
|
||||||
sed -i "s/;pm.max_requests = 500/pm.max_requests = 500/" /etc/php/7.2/fpm/pool.d/www.conf
|
sed -i "s/;pm.max_requests = 500/pm.max_requests = 500/" /etc/php/7.2/fpm/pool.d/www.conf
|
||||||
sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/7.2/cli/php.ini
|
sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/7.2/cli/php.ini
|
||||||
sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/7.2/cli/php.ini
|
sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/7.2/cli/php.ini
|
||||||
sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/7.2/cli/php.ini
|
sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/7.2/cli/php.ini
|
||||||
sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/7.2/cli/php.ini
|
sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/7.2/cli/php.ini
|
||||||
sed -i "s/;upload_tmp_dir =.*/upload_tmp_dir = \/upload_tmp/" /etc/php/7.2/cli/php.ini
|
sed -i "s/;upload_tmp_dir =.*/upload_tmp_dir = \/upload_tmp/" /etc/php/7.2/cli/php.ini
|
||||||
sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/7.2/cli/php.ini
|
sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/7.2/cli/php.ini
|
||||||
sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/7.2/cli/php.ini
|
sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/7.2/cli/php.ini
|
||||||
sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/7.2/cli/php.ini
|
sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/7.2/cli/php.ini
|
||||||
sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/7.2/cli/php.ini
|
sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/7.2/cli/php.ini
|
||||||
sed -i "s/;session.save_path =.*/session.save_path = \"N;700;\/usr\/local\/tmp\/sessions\"/" /etc/php/7.2/cli/php.ini
|
sed -i "s/;session.save_path =.*/session.save_path = \"N;700;\/usr\/local\/tmp\/sessions\"/" /etc/php/7.2/cli/php.ini
|
||||||
sed -i '$aapc.enable_cli = 1' /etc/php/7.2/cli/php.ini
|
sed -i '$aapc.enable_cli = 1' /etc/php/7.2/cli/php.ini
|
||||||
sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/memory_limit = 128M/memory_limit = 512M/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/output_buffering =.*/output_buffering = 'Off'/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/max_execution_time =.*/max_execution_time = 1800/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/max_input_time =.*/max_input_time = 3600/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/post_max_size =.*/post_max_size = 10240M/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/;upload_tmp_dir =.*/upload_tmp_dir = \/upload_tmp/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/;upload_tmp_dir =.*/upload_tmp_dir = \/upload_tmp/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/upload_max_filesize =.*/upload_max_filesize = 10240M/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/max_file_uploads =.*/max_file_uploads = 100/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/;date.timezone.*/date.timezone = Europe\/\Berlin/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/;session.cookie_secure.*/session.cookie_secure = True/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/;opcache.enable=.*/opcache.enable=1/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/;opcache.enable_cli=.*/opcache.enable_cli=1/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/;opcache.memory_consumption=.*/opcache.memory_consumption=128/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/;opcache.interned_strings_buffer=.*/opcache.interned_strings_buffer=8/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/;opcache.max_accelerated_files=.*/opcache.max_accelerated_files=10000/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/;opcache.revalidate_freq=.*/opcache.revalidate_freq=1/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/;session.save_path =.*/session.save_path = \"N;700;\/usr\/local\/tmp\/sessions\"/" /etc/php/7.2/fpm/php.ini
|
sed -i "s/;session.save_path =.*/session.save_path = \"N;700;\/usr\/local\/tmp\/sessions\"/" /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/;emergency_restart_threshold =.*/emergency_restart_threshold = 10/" /etc/php/7.2/fpm/php-fpm.conf
|
sed -i "s/;emergency_restart_threshold =.*/emergency_restart_threshold = 10/" /etc/php/7.2/fpm/php-fpm.conf
|
||||||
sed -i "s/;emergency_restart_interval =.*/emergency_restart_interval = 1m/" /etc/php/7.2/fpm/php-fpm.conf
|
sed -i "s/;emergency_restart_interval =.*/emergency_restart_interval = 1m/" /etc/php/7.2/fpm/php-fpm.conf
|
||||||
sed -i "s/;process_control_timeout =.*/process_control_timeout = 10s/" /etc/php/7.2/fpm/php-fpm.conf
|
sed -i "s/;process_control_timeout =.*/process_control_timeout = 10s/" /etc/php/7.2/fpm/php-fpm.conf
|
||||||
sed -i '$aapc.enabled=1' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.enabled=1' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.file_update_protection=2' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.file_update_protection=2' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.optimization=0' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.optimization=0' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.shm_size=256M' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.shm_size=256M' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.include_once_override=0' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.include_once_override=0' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.shm_segments=1' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.shm_segments=1' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.ttl=7200' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.ttl=7200' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.user_ttl=7200' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.user_ttl=7200' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.gc_ttl=3600' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.gc_ttl=3600' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.num_files_hint=1024' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.num_files_hint=1024' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.enable_cli=0' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.enable_cli=0' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.max_file_size=5M' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.max_file_size=5M' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.cache_by_default=1' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.cache_by_default=1' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.use_request_time=1' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.use_request_time=1' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.slam_defense=0' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.slam_defense=0' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.mmap_file_mask=/usr/local/tmp/apc.XXXXXX' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.mmap_file_mask=/usr/local/tmp/apc.XXXXXX' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.stat_ctime=0' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.stat_ctime=0' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.canonicalize=1' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.canonicalize=1' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.write_lock=1' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.write_lock=1' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.report_autofilter=0' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.report_autofilter=0' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.rfc1867=0' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.rfc1867=0' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.rfc1867_prefix =upload_' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.rfc1867_prefix =upload_' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.rfc1867_name=APC_UPLOAD_PROGRESS' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.rfc1867_name=APC_UPLOAD_PROGRESS' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.rfc1867_freq=0' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.rfc1867_freq=0' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.rfc1867_ttl=3600' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.rfc1867_ttl=3600' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.lazy_classes=0' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.lazy_classes=0' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i '$aapc.lazy_functions=0' /etc/php/7.2/fpm/php.ini
|
sed -i '$aapc.lazy_functions=0' /etc/php/7.2/fpm/php.ini
|
||||||
sed -i "s/09,39.*/# &/" /etc/cron.d/php
|
sed -i "s/09,39.*/# &/" /etc/cron.d/php
|
||||||
(crontab -l ; echo "09,39 * * * * /usr/lib/php/sessionclean 2>&1") | crontab -u root -
|
(crontab -l ; echo "09,39 * * * * /usr/lib/php/sessionclean 2>&1") | crontab -u root -
|
||||||
sed -i '$atmpfs /tmp tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777 0 0' /etc/fstab
|
sed -i '$atmpfs /tmp tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777 0 0' /etc/fstab
|
||||||
sed -i '$atmpfs /var/tmp tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777 0 0' /etc/fstab
|
sed -i '$atmpfs /var/tmp tmpfs defaults,noatime,nosuid,nodev,noexec,mode=1777 0 0' /etc/fstab
|
||||||
sed -i '$atmpfs /usr/local/tmp/apc tmpfs defaults,uid=33,size=300M,noatime,nosuid,nodev,noexec,mode=1777 0 0' /etc/fstab
|
sed -i '$atmpfs /usr/local/tmp/apc tmpfs defaults,uid=33,size=300M,noatime,nosuid,nodev,noexec,mode=1777 0 0' /etc/fstab
|
||||||
sed -i '$atmpfs /usr/local/tmp/cache tmpfs defaults,uid=33,size=300M,noatime,nosuid,nodev,noexec,mode=1777 0 0' /etc/fstab
|
sed -i '$atmpfs /usr/local/tmp/cache tmpfs defaults,uid=33,size=300M,noatime,nosuid,nodev,noexec,mode=1777 0 0' /etc/fstab
|
||||||
sed -i '$atmpfs /usr/local/tmp/sessions tmpfs defaults,uid=33,size=300M,noatime,nosuid,nodev,noexec,mode=1777 0 0' /etc/fstab
|
sed -i '$atmpfs /usr/local/tmp/sessions tmpfs defaults,uid=33,size=300M,noatime,nosuid,nodev,noexec,mode=1777 0 0' /etc/fstab
|
||||||
mount -a
|
mount -a
|
||||||
service php7.2-fpm restart
|
service php7.2-fpm restart
|
||||||
service nginx restart
|
service nginx restart
|
||||||
apt install mariadb-server -y
|
apt install mariadb-server -y
|
||||||
mv /etc/mysql/my.cnf /etc/mysql/my.cnf.bak
|
mv /etc/mysql/my.cnf /etc/mysql/my.cnf.bak
|
||||||
touch /etc/mysql/my.cnf
|
touch /etc/mysql/my.cnf
|
||||||
cat <<EOF >/etc/mysql/my.cnf
|
cat <<EOF >/etc/mysql/my.cnf
|
||||||
[server]
|
[server]
|
||||||
skip-name-resolve
|
skip-name-resolve
|
||||||
innodb_buffer_pool_size = 128M
|
innodb_buffer_pool_size = 128M
|
||||||
innodb_buffer_pool_instances = 1
|
innodb_buffer_pool_instances = 1
|
||||||
innodb_flush_log_at_trx_commit = 2
|
innodb_flush_log_at_trx_commit = 2
|
||||||
innodb_log_buffer_size = 32M
|
innodb_log_buffer_size = 32M
|
||||||
innodb_max_dirty_pages_pct = 90
|
innodb_max_dirty_pages_pct = 90
|
||||||
query_cache_type = 1
|
query_cache_type = 1
|
||||||
query_cache_limit = 2M
|
query_cache_limit = 2M
|
||||||
query_cache_min_res_unit = 2k
|
query_cache_min_res_unit = 2k
|
||||||
query_cache_size = 64M
|
query_cache_size = 64M
|
||||||
tmp_table_size= 64M
|
tmp_table_size= 64M
|
||||||
max_heap_table_size= 64M
|
max_heap_table_size= 64M
|
||||||
slow-query-log = 1
|
slow-query-log = 1
|
||||||
slow-query-log-file = /var/log/mysql/slow.log
|
slow-query-log-file = /var/log/mysql/slow.log
|
||||||
long_query_time = 1
|
long_query_time = 1
|
||||||
|
|
||||||
[client-server]
|
[client-server]
|
||||||
!includedir /etc/mysql/conf.d/
|
!includedir /etc/mysql/conf.d/
|
||||||
!includedir /etc/mysql/mariadb.conf.d/
|
!includedir /etc/mysql/mariadb.conf.d/
|
||||||
|
|
||||||
[client]
|
[client]
|
||||||
default-character-set = utf8mb4
|
default-character-set = utf8mb4
|
||||||
|
|
||||||
[mysqld]
|
[mysqld]
|
||||||
character-set-server = utf8mb4
|
character-set-server = utf8mb4
|
||||||
collation-server = utf8mb4_general_ci
|
collation-server = utf8mb4_general_ci
|
||||||
binlog_format = MIXED
|
binlog_format = MIXED
|
||||||
innodb_large_prefix=on
|
innodb_large_prefix=on
|
||||||
innodb_file_format=barracuda
|
innodb_file_format=barracuda
|
||||||
innodb_file_per_table=1
|
innodb_file_per_table=1
|
||||||
EOF
|
EOF
|
||||||
service mysql restart && mysql -uroot <<EOF
|
service mysql restart && mysql -uroot <<EOF
|
||||||
CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
|
CREATE DATABASE nextcloud CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
|
||||||
CREATE USER nextcloud@localhost identified by 'nextcloud';
|
CREATE USER nextcloud@localhost identified by 'nextcloud';
|
||||||
GRANT ALL PRIVILEGES on nextcloud.* to nextcloud@localhost;
|
GRANT ALL PRIVILEGES on nextcloud.* to nextcloud@localhost;
|
||||||
FLUSH privileges;
|
FLUSH privileges;
|
||||||
EOF
|
EOF
|
||||||
update_and_clean
|
update_and_clean
|
||||||
apt install redis-server php-redis -y
|
apt install redis-server php-redis -y
|
||||||
cp /etc/redis/redis.conf /etc/redis/redis.conf.bak
|
cp /etc/redis/redis.conf /etc/redis/redis.conf.bak
|
||||||
sed -i "s/port 6379/port 0/" /etc/redis/redis.conf
|
sed -i "s/port 6379/port 0/" /etc/redis/redis.conf
|
||||||
sed -i s/\#\ unixsocket/\unixsocket/g /etc/redis/redis.conf
|
sed -i s/\#\ unixsocket/\unixsocket/g /etc/redis/redis.conf
|
||||||
sed -i "s/unixsocketperm 700/unixsocketperm 770/" /etc/redis/redis.conf
|
sed -i "s/unixsocketperm 700/unixsocketperm 770/" /etc/redis/redis.conf
|
||||||
sed -i "s/# maxclients 10000/maxclients 512/" /etc/redis/redis.conf
|
sed -i "s/# maxclients 10000/maxclients 512/" /etc/redis/redis.conf
|
||||||
usermod -a -G redis www-data
|
usermod -a -G redis www-data
|
||||||
cp /etc/sysctl.conf /etc/sysctl.conf.bak && sed -i '$avm.overcommit_memory = 1' /etc/sysctl.conf
|
cp /etc/sysctl.conf /etc/sysctl.conf.bak && sed -i '$avm.overcommit_memory = 1' /etc/sysctl.conf
|
||||||
cp /etc/rc.local /etc/rc.local.bak && sed -i '$i \sysctl -w net.core.somaxconn=65535' /etc/rc.local
|
cp /etc/rc.local /etc/rc.local.bak && sed -i '$i \sysctl -w net.core.somaxconn=65535' /etc/rc.local
|
||||||
apt install ssl-cert -y
|
apt install ssl-cert -y
|
||||||
mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
|
mv /etc/nginx/conf.d/default.conf /etc/nginx/conf.d/default.conf.bak
|
||||||
touch /etc/nginx/conf.d/default.conf
|
touch /etc/nginx/conf.d/default.conf
|
||||||
cat <<EOF >/etc/nginx/conf.d/nextcloud.conf
|
cat <<EOF >/etc/nginx/conf.d/nextcloud.conf
|
||||||
server {
|
server {
|
||||||
server_name YOUR.DEDYN.IO;
|
server_name YOUR.DEDYN.IO;
|
||||||
listen 80 default_server;
|
listen 80 default_server;
|
||||||
location ^~ /.well-known/acme-challenge {
|
location ^~ /.well-known/acme-challenge {
|
||||||
proxy_pass http://127.0.0.1:81;
|
proxy_pass http://127.0.0.1:81;
|
||||||
proxy_set_header Host \$host;
|
proxy_set_header Host \$host;
|
||||||
}
|
}
|
||||||
location / {
|
location / {
|
||||||
return 301 https://\$host\$request_uri;
|
return 301 https://\$host\$request_uri;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
server {
|
server {
|
||||||
server_name YOUR.DEDYN.IO;
|
server_name YOUR.DEDYN.IO;
|
||||||
listen 443 ssl http2 default_server;
|
listen 443 ssl http2 default_server;
|
||||||
root /var/www/nextcloud/;
|
root /var/www/nextcloud/;
|
||||||
access_log /var/log/nginx/nextcloud.access.log main;
|
access_log /var/log/nginx/nextcloud.access.log main;
|
||||||
error_log /var/log/nginx/nextcloud.error.log warn;
|
error_log /var/log/nginx/nextcloud.error.log warn;
|
||||||
location = /robots.txt {
|
location = /robots.txt {
|
||||||
allow all;
|
allow all;
|
||||||
log_not_found off;
|
log_not_found off;
|
||||||
access_log off;
|
access_log off;
|
||||||
}
|
}
|
||||||
location = /.well-known/carddav {
|
location = /.well-known/carddav {
|
||||||
return 301 \$scheme://\$host/remote.php/dav;
|
return 301 \$scheme://\$host/remote.php/dav;
|
||||||
}
|
}
|
||||||
location = /.well-known/caldav {
|
location = /.well-known/caldav {
|
||||||
return 301 \$scheme://\$host/remote.php/dav;
|
return 301 \$scheme://\$host/remote.php/dav;
|
||||||
}
|
}
|
||||||
client_max_body_size 10240M;
|
client_max_body_size 10240M;
|
||||||
location / {
|
location / {
|
||||||
rewrite ^ /index.php\$uri;
|
rewrite ^ /index.php\$uri;
|
||||||
}
|
}
|
||||||
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
|
||||||
deny all;
|
deny all;
|
||||||
}
|
}
|
||||||
location ~ \.(?:flv|mp4|mov|m4a)\$ {
|
location ~ \.(?:flv|mp4|mov|m4a)\$ {
|
||||||
mp4;
|
mp4;
|
||||||
mp4_buffer_size 100m;
|
mp4_buffer_size 100m;
|
||||||
mp4_max_buffer_size 1024m;
|
mp4_max_buffer_size 1024m;
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.*)\$;
|
fastcgi_split_path_info ^(.+\.php)(/.*)\$;
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
include php_optimization.conf;
|
include php_optimization.conf;
|
||||||
fastcgi_pass php-handler;
|
fastcgi_pass php-handler;
|
||||||
fastcgi_param HTTPS on;
|
fastcgi_param HTTPS on;
|
||||||
}
|
}
|
||||||
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:\$|/) {
|
location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:\$|/) {
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.*)\$;
|
fastcgi_split_path_info ^(.+\.php)(/.*)\$;
|
||||||
include fastcgi_params;
|
include fastcgi_params;
|
||||||
include php_optimization.conf;
|
include php_optimization.conf;
|
||||||
fastcgi_pass php-handler;
|
fastcgi_pass php-handler;
|
||||||
fastcgi_param HTTPS on;
|
fastcgi_param HTTPS on;
|
||||||
}
|
}
|
||||||
location ~ ^/(?:updater|ocs-provider)(?:\$|/) {
|
location ~ ^/(?:updater|ocs-provider)(?:\$|/) {
|
||||||
try_files \$uri/ =404;
|
try_files \$uri/ =404;
|
||||||
index index.php;
|
index index.php;
|
||||||
}
|
}
|
||||||
location ~ \.(?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg)\$ {
|
location ~ \.(?:css|js|woff|svg|gif|png|html|ttf|ico|jpg|jpeg)\$ {
|
||||||
try_files \$uri /index.php\$uri\$is_args\$args;
|
try_files \$uri /index.php\$uri\$is_args\$args;
|
||||||
access_log off;
|
access_log off;
|
||||||
expires 360d;
|
expires 360d;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
touch /etc/nginx/conf.d/letsencrypt.conf
|
touch /etc/nginx/conf.d/letsencrypt.conf
|
||||||
cat <<EOF >/etc/nginx/conf.d/letsencrypt.conf
|
cat <<EOF >/etc/nginx/conf.d/letsencrypt.conf
|
||||||
server {
|
server {
|
||||||
server_name 127.0.0.1;
|
server_name 127.0.0.1;
|
||||||
listen 127.0.0.1:81 default_server;
|
listen 127.0.0.1:81 default_server;
|
||||||
charset utf-8;
|
charset utf-8;
|
||||||
access_log /var/log/nginx/le.access.log main;
|
access_log /var/log/nginx/le.access.log main;
|
||||||
error_log /var/log/nginx/le.error.log warn;
|
error_log /var/log/nginx/le.error.log warn;
|
||||||
location ^~ /.well-known/acme-challenge {
|
location ^~ /.well-known/acme-challenge {
|
||||||
default_type text/plain;
|
default_type text/plain;
|
||||||
root /var/www/letsencrypt;
|
root /var/www/letsencrypt;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
EOF
|
EOF
|
||||||
touch /etc/nginx/ssl.conf
|
touch /etc/nginx/ssl.conf
|
||||||
cat <<EOF >/etc/nginx/ssl.conf
|
cat <<EOF >/etc/nginx/ssl.conf
|
||||||
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||||
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
|
||||||
ssl_trusted_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
ssl_trusted_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
|
||||||
#ssl_certificate /etc/letsencrypt/live/YOUR.DEDYN.IO/fullchain.pem;
|
#ssl_certificate /etc/letsencrypt/live/YOUR.DEDYN.IO/fullchain.pem;
|
||||||
#ssl_certificate_key /etc/letsencrypt/live/YOUR.DEDYN.IO/privkey.pem;
|
#ssl_certificate_key /etc/letsencrypt/live/YOUR.DEDYN.IO/privkey.pem;
|
||||||
#ssl_trusted_certificate /etc/letsencrypt/live/YOUR.DEDYN.IO/fullchain.pem;
|
#ssl_trusted_certificate /etc/letsencrypt/live/YOUR.DEDYN.IO/fullchain.pem;
|
||||||
#ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
#ssl_dhparam /etc/ssl/certs/dhparam.pem;
|
||||||
ssl_session_timeout 1d;
|
ssl_session_timeout 1d;
|
||||||
ssl_session_cache shared:SSL:50m;
|
ssl_session_cache shared:SSL:50m;
|
||||||
ssl_session_tickets off;
|
ssl_session_tickets off;
|
||||||
ssl_protocols TLSv1.2;
|
ssl_protocols TLSv1.2;
|
||||||
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!AES128';
|
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!AES128';
|
||||||
ssl_prefer_server_ciphers on;
|
ssl_prefer_server_ciphers on;
|
||||||
ssl_ecdh_curve secp384r1;
|
ssl_ecdh_curve secp384r1;
|
||||||
#ssl_stapling on;
|
#ssl_stapling on;
|
||||||
#ssl_stapling_verify on;
|
#ssl_stapling_verify on;
|
||||||
EOF
|
EOF
|
||||||
touch /etc/nginx/proxy.conf
|
touch /etc/nginx/proxy.conf
|
||||||
cat <<EOF >/etc/nginx/proxy.conf
|
cat <<EOF >/etc/nginx/proxy.conf
|
||||||
proxy_set_header Host \$host;
|
proxy_set_header Host \$host;
|
||||||
proxy_set_header X-Real-IP \$remote_addr;
|
proxy_set_header X-Real-IP \$remote_addr;
|
||||||
proxy_set_header X-Forwarded-Host \$host;
|
proxy_set_header X-Forwarded-Host \$host;
|
||||||
proxy_set_header X-Forwarded-Protocol \$scheme;
|
proxy_set_header X-Forwarded-Protocol \$scheme;
|
||||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
proxy_set_header X-Forwarded-For \$remote_addr;
|
||||||
proxy_set_header X-Forwarded-Port \$server_port;
|
proxy_set_header X-Forwarded-Port \$server_port;
|
||||||
proxy_set_header X-Forwarded-Server \$host;
|
proxy_set_header X-Forwarded-Server \$host;
|
||||||
proxy_connect_timeout 3600;
|
proxy_connect_timeout 3600;
|
||||||
proxy_send_timeout 3600;
|
proxy_send_timeout 3600;
|
||||||
proxy_read_timeout 3600;
|
proxy_read_timeout 3600;
|
||||||
proxy_redirect off;
|
proxy_redirect off;
|
||||||
EOF
|
EOF
|
||||||
touch /etc/nginx/header.conf
|
touch /etc/nginx/header.conf
|
||||||
cat <<EOF >/etc/nginx/header.conf
|
cat <<EOF >/etc/nginx/header.conf
|
||||||
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
|
||||||
add_header X-Robots-Tag none;
|
add_header X-Robots-Tag none;
|
||||||
add_header X-Download-Options noopen;
|
add_header X-Download-Options noopen;
|
||||||
add_header X-Permitted-Cross-Domain-Policies none;
|
add_header X-Permitted-Cross-Domain-Policies none;
|
||||||
add_header X-Content-Type-Options "nosniff" always;
|
add_header X-Content-Type-Options "nosniff" always;
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
add_header Referrer-Policy "same-origin" always;
|
add_header Referrer-Policy "same-origin" always;
|
||||||
EOF
|
EOF
|
||||||
touch /etc/nginx/optimization.conf
|
touch /etc/nginx/optimization.conf
|
||||||
cat <<EOF >/etc/nginx/optimization.conf
|
cat <<EOF >/etc/nginx/optimization.conf
|
||||||
fastcgi_read_timeout 3600;
|
fastcgi_read_timeout 3600;
|
||||||
fastcgi_buffers 64 64K;
|
fastcgi_buffers 64 64K;
|
||||||
fastcgi_buffer_size 256k;
|
fastcgi_buffer_size 256k;
|
||||||
fastcgi_busy_buffers_size 3840K;
|
fastcgi_busy_buffers_size 3840K;
|
||||||
fastcgi_cache_key \$http_cookie$request_method$host$request_uri;
|
fastcgi_cache_key \$http_cookie$request_method$host$request_uri;
|
||||||
fastcgi_cache_use_stale error timeout invalid_header http_500;
|
fastcgi_cache_use_stale error timeout invalid_header http_500;
|
||||||
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
|
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
|
||||||
gzip on;
|
gzip on;
|
||||||
gzip_vary on;
|
gzip_vary on;
|
||||||
gzip_comp_level 4;
|
gzip_comp_level 4;
|
||||||
gzip_min_length 256;
|
gzip_min_length 256;
|
||||||
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
|
||||||
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
|
||||||
gzip_disable "MSIE [1-6]\.";
|
gzip_disable "MSIE [1-6]\.";
|
||||||
EOF
|
EOF
|
||||||
touch /etc/nginx/php_optimization.conf
|
touch /etc/nginx/php_optimization.conf
|
||||||
cat <<EOF >/etc/nginx/php_optimization.conf
|
cat <<EOF >/etc/nginx/php_optimization.conf
|
||||||
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
|
fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
|
||||||
fastcgi_param PATH_INFO \$fastcgi_path_info;
|
fastcgi_param PATH_INFO \$fastcgi_path_info;
|
||||||
fastcgi_param modHeadersAvailable true;
|
fastcgi_param modHeadersAvailable true;
|
||||||
fastcgi_param front_controller_active true;
|
fastcgi_param front_controller_active true;
|
||||||
fastcgi_intercept_errors on;
|
fastcgi_intercept_errors on;
|
||||||
fastcgi_request_buffering off;
|
fastcgi_request_buffering off;
|
||||||
fastcgi_cache_valid 404 1m;
|
fastcgi_cache_valid 404 1m;
|
||||||
fastcgi_cache_valid any 1h;
|
fastcgi_cache_valid any 1h;
|
||||||
fastcgi_cache_methods GET HEAD;
|
fastcgi_cache_methods GET HEAD;
|
||||||
EOF
|
EOF
|
||||||
sed -i s/\#\include/\include/g /etc/nginx/nginx.conf
|
sed -i s/\#\include/\include/g /etc/nginx/nginx.conf
|
||||||
sed -i "s/server_name YOUR.DEDYN.IO;/server_name $(hostname);/" /etc/nginx/conf.d/nextcloud.conf
|
sed -i "s/server_name YOUR.DEDYN.IO;/server_name $(hostname);/" /etc/nginx/conf.d/nextcloud.conf
|
||||||
(crontab -u www-data -l ; echo "*/15 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1") | crontab -u www-data -
|
(crontab -u www-data -l ; echo "*/15 * * * * php -f /var/www/nextcloud/cron.php > /dev/null 2>&1") | crontab -u www-data -
|
||||||
service nginx restart
|
service nginx restart
|
||||||
wget https://download.nextcloud.com/server/releases/latest.tar.bz2
|
wget https://download.nextcloud.com/server/releases/latest.tar.bz2
|
||||||
tar -xjf latest.tar.bz2 -C /var/www
|
tar -xjf latest.tar.bz2 -C /var/www
|
||||||
chown -R www-data:www-data /var/www/
|
chown -R www-data:www-data /var/www/
|
||||||
rm latest.tar.bz2
|
rm latest.tar.bz2
|
||||||
update_and_clean
|
update_and_clean
|
||||||
restart_all_services
|
restart_all_services
|
||||||
clear
|
clear
|
||||||
echo "###############################################################################"
|
echo "###############################################################################"
|
||||||
echo " Nextcloud is up and running. Please open your browser and call:"
|
echo " Nextcloud is up and running. Please open your browser and call:"
|
||||||
echo "###############################################################################"
|
echo "###############################################################################"
|
||||||
echo ""
|
echo ""
|
||||||
echo " https://$(hostname)"
|
echo " https://$(hostname)"
|
||||||
echo ""
|
echo ""
|
||||||
echo " and confirm the upcoming ssl warning caused by the self-signed certificates. "
|
echo " and confirm the upcoming ssl warning caused by the self-signed certificates. "
|
||||||
echo "###############################################################################"
|
echo "###############################################################################"
|
||||||
exit 0
|
exit 0
|
||||||
234
optimizations.sh
234
optimizations.sh
@@ -1,118 +1,118 @@
|
|||||||
# Carsten Rieger IT-Services
|
# Carsten Rieger IT-Services
|
||||||
# OPTIMIZATIONS.SH
|
# OPTIMIZATIONS.SH
|
||||||
# Version 1.1
|
# Version 1.1
|
||||||
# added funtions to make code cleaner, thx @techandme.se
|
# added funtions to make code cleaner, thx @techandme.se
|
||||||
# April 19th, 2018
|
# April 19th, 2018
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
function update_and_clean() {
|
function update_and_clean() {
|
||||||
apt update
|
apt update
|
||||||
apt upgrade -y
|
apt upgrade -y
|
||||||
apt autoclean -y
|
apt autoclean -y
|
||||||
apt autoremove -y
|
apt autoremove -y
|
||||||
}
|
}
|
||||||
function restart_all_services() {
|
function restart_all_services() {
|
||||||
/usr/sbin/service nginx restart
|
/usr/sbin/service nginx restart
|
||||||
/usr/sbin/service mysql restart
|
/usr/sbin/service mysql restart
|
||||||
/usr/sbin/service redis-server restart
|
/usr/sbin/service redis-server restart
|
||||||
/usr/sbin/service php7.2-fpm restart
|
/usr/sbin/service php7.2-fpm restart
|
||||||
}
|
}
|
||||||
function nextcloud_scan_data() {
|
function nextcloud_scan_data() {
|
||||||
sudo -u www-data php /var/www/nextcloud/occ files:scan --all
|
sudo -u www-data php /var/www/nextcloud/occ files:scan --all
|
||||||
sudo -u www-data php /var/www/nextcloud/occ files:scan-app-data
|
sudo -u www-data php /var/www/nextcloud/occ files:scan-app-data
|
||||||
fail2ban-client status nextcloud
|
fail2ban-client status nextcloud
|
||||||
ufw status verbose
|
ufw status verbose
|
||||||
}
|
}
|
||||||
cp /var/www/nextcloud/.user.ini /var/www/nextcloud/.user.ini.bak
|
cp /var/www/nextcloud/.user.ini /var/www/nextcloud/.user.ini.bak
|
||||||
sudo -u www-data sed -i "s/upload_max_filesize=.*/upload_max_filesize=10240M/" /var/www/nextcloud/.user.ini
|
sudo -u www-data sed -i "s/upload_max_filesize=.*/upload_max_filesize=10240M/" /var/www/nextcloud/.user.ini
|
||||||
sudo -u www-data sed -i "s/post_max_size=.*/post_max_size=10240M/" /var/www/nextcloud/.user.ini
|
sudo -u www-data sed -i "s/post_max_size=.*/post_max_size=10240M/" /var/www/nextcloud/.user.ini
|
||||||
sudo -u www-data sed -i "s/output_buffering=.*/output_buffering='Off'/" /var/www/nextcloud/.user.ini
|
sudo -u www-data sed -i "s/output_buffering=.*/output_buffering='Off'/" /var/www/nextcloud/.user.ini
|
||||||
sudo -u www-data cp /var/www/nextcloud/config/config.php /var/www/nextcloud/config/config.php.bak
|
sudo -u www-data cp /var/www/nextcloud/config/config.php /var/www/nextcloud/config/config.php.bak
|
||||||
sudo -u www-data php /var/www/nextcloud/occ background:cron
|
sudo -u www-data php /var/www/nextcloud/occ background:cron
|
||||||
sed -i '/);/d' /var/www/nextcloud/config/config.php
|
sed -i '/);/d' /var/www/nextcloud/config/config.php
|
||||||
cat <<EOF >>/var/www/nextcloud/config/config.php
|
cat <<EOF >>/var/www/nextcloud/config/config.php
|
||||||
'activity_expire_days' => 14,
|
'activity_expire_days' => 14,
|
||||||
'auth.bruteforce.protection.enabled' => true,
|
'auth.bruteforce.protection.enabled' => true,
|
||||||
'blacklisted_files' =>
|
'blacklisted_files' =>
|
||||||
array (
|
array (
|
||||||
0 => '.htaccess',
|
0 => '.htaccess',
|
||||||
1 => 'Thumbs.db',
|
1 => 'Thumbs.db',
|
||||||
2 => 'thumbs.db',
|
2 => 'thumbs.db',
|
||||||
),
|
),
|
||||||
'cron_log' => true,
|
'cron_log' => true,
|
||||||
'enable_previews' => true,
|
'enable_previews' => true,
|
||||||
'enabledPreviewProviders' =>
|
'enabledPreviewProviders' =>
|
||||||
array (
|
array (
|
||||||
0 => 'OC\\Preview\\PNG',
|
0 => 'OC\\Preview\\PNG',
|
||||||
1 => 'OC\\Preview\\JPEG',
|
1 => 'OC\\Preview\\JPEG',
|
||||||
2 => 'OC\\Preview\\GIF',
|
2 => 'OC\\Preview\\GIF',
|
||||||
3 => 'OC\\Preview\\BMP',
|
3 => 'OC\\Preview\\BMP',
|
||||||
4 => 'OC\\Preview\\XBitmap',
|
4 => 'OC\\Preview\\XBitmap',
|
||||||
5 => 'OC\\Preview\\Movie',
|
5 => 'OC\\Preview\\Movie',
|
||||||
6 => 'OC\\Preview\\PDF',
|
6 => 'OC\\Preview\\PDF',
|
||||||
7 => 'OC\\Preview\\MP3',
|
7 => 'OC\\Preview\\MP3',
|
||||||
8 => 'OC\\Preview\\TXT',
|
8 => 'OC\\Preview\\TXT',
|
||||||
9 => 'OC\\Preview\\MarkDown',
|
9 => 'OC\\Preview\\MarkDown',
|
||||||
),
|
),
|
||||||
'filesystem_check_changes' => 0,
|
'filesystem_check_changes' => 0,
|
||||||
'filelocking.enabled' => 'true',
|
'filelocking.enabled' => 'true',
|
||||||
'htaccess.RewriteBase' => '/',
|
'htaccess.RewriteBase' => '/',
|
||||||
'integrity.check.disabled' => false,
|
'integrity.check.disabled' => false,
|
||||||
'knowledgebaseenabled' => false,
|
'knowledgebaseenabled' => false,
|
||||||
'logtimezone' => 'Europe/Berlin',
|
'logtimezone' => 'Europe/Berlin',
|
||||||
'log_rotate_size' => 104857600,
|
'log_rotate_size' => 104857600,
|
||||||
'memcache.local' => '\\OC\\Memcache\\APCu',
|
'memcache.local' => '\\OC\\Memcache\\APCu',
|
||||||
'memcache.locking' => '\\OC\\Memcache\\Redis',
|
'memcache.locking' => '\\OC\\Memcache\\Redis',
|
||||||
'preview_max_x' => 1024,
|
'preview_max_x' => 1024,
|
||||||
'preview_max_y' => 768,
|
'preview_max_y' => 768,
|
||||||
'preview_max_scale_factor' => 1,
|
'preview_max_scale_factor' => 1,
|
||||||
'redis' =>
|
'redis' =>
|
||||||
array (
|
array (
|
||||||
'host' => '/var/run/redis/redis.sock',
|
'host' => '/var/run/redis/redis.sock',
|
||||||
'port' => 0,
|
'port' => 0,
|
||||||
'timeout' => 0.0,
|
'timeout' => 0.0,
|
||||||
),
|
),
|
||||||
'quota_include_external_storage' => false,
|
'quota_include_external_storage' => false,
|
||||||
'share_folder' => '/Shares',
|
'share_folder' => '/Shares',
|
||||||
'skeletondirectory' => '',
|
'skeletondirectory' => '',
|
||||||
'trashbin_retention_obligation' => 'auto, 7',
|
'trashbin_retention_obligation' => 'auto, 7',
|
||||||
);
|
);
|
||||||
EOF
|
EOF
|
||||||
restart_all_services
|
restart_all_services
|
||||||
update_and_clean
|
update_and_clean
|
||||||
apt install fail2ban -y
|
apt install fail2ban -y
|
||||||
touch /etc/fail2ban/filter.d/nextcloud.conf
|
touch /etc/fail2ban/filter.d/nextcloud.conf
|
||||||
cat <<EOF >/etc/fail2ban/filter.d/nextcloud.conf
|
cat <<EOF >/etc/fail2ban/filter.d/nextcloud.conf
|
||||||
[Definition]
|
[Definition]
|
||||||
failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}\$
|
failregex=^{"reqId":".*","remoteAddr":".*","app":"core","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)","level":2,"time":".*"}\$
|
||||||
^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}\$
|
^{"reqId":".*","level":2,"time":".*","remoteAddr":".*","app":"core".*","message":"Login failed: '.*' \(Remote IP: '<HOST>'\)".*}\$
|
||||||
^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*\$
|
^.*\"remoteAddr\":\"<HOST>\".*Trusted domain error.*\$
|
||||||
EOF
|
EOF
|
||||||
touch /etc/fail2ban/jail.d/nextcloud.local
|
touch /etc/fail2ban/jail.d/nextcloud.local
|
||||||
cat <<EOF >/etc/fail2ban/jail.d/nextcloud.local
|
cat <<EOF >/etc/fail2ban/jail.d/nextcloud.local
|
||||||
[nextcloud]
|
[nextcloud]
|
||||||
backend = auto
|
backend = auto
|
||||||
enabled = true
|
enabled = true
|
||||||
port = 80,443
|
port = 80,443
|
||||||
protocol = tcp
|
protocol = tcp
|
||||||
filter = nextcloud
|
filter = nextcloud
|
||||||
maxretry = 3
|
maxretry = 3
|
||||||
bantime = 36000
|
bantime = 36000
|
||||||
findtime = 36000
|
findtime = 36000
|
||||||
logpath = /var/nc_data/nextcloud.log
|
logpath = /var/nc_data/nextcloud.log
|
||||||
EOF
|
EOF
|
||||||
update_and_clean
|
update_and_clean
|
||||||
apt install ufw -y
|
apt install ufw -y
|
||||||
ufw allow 80/tcp
|
ufw allow 80/tcp
|
||||||
ufw allow 443/tcp
|
ufw allow 443/tcp
|
||||||
ufw allow 22/tcp
|
ufw allow 22/tcp
|
||||||
ufw enable
|
ufw enable
|
||||||
/usr/sbin/service ufw restart
|
/usr/sbin/service ufw restart
|
||||||
/usr/sbin/service fail2ban restart
|
/usr/sbin/service fail2ban restart
|
||||||
/usr/sbin/service redis-server restart
|
/usr/sbin/service redis-server restart
|
||||||
redis-cli -s /var/run/redis/redis.sock <<EOF
|
redis-cli -s /var/run/redis/redis.sock <<EOF
|
||||||
FLUSHALL
|
FLUSHALL
|
||||||
quit
|
quit
|
||||||
EOF
|
EOF
|
||||||
restart_all_services
|
restart_all_services
|
||||||
nextcloud_scan_data
|
nextcloud_scan_data
|
||||||
exit 0
|
exit 0
|
||||||
Reference in New Issue
Block a user